Overview
As an Offensive Product Security Engineer, you will play a critical role in safeguarding our products by identifying and mitigating security vulnerabilities. You will conduct comprehensive security assessments, including penetration testing, threat modeling, and code reviews, to ensure our products are resilient against potential attacks. Your expertise will help shape our security strategy, enhance our security posture, and protect our customers’ data.
Starting base pay for this role is between $117,000 and $146,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states).
Responsibilities
Conduct advanced penetration testing and vulnerability assessments on our products and infrastructure.
Develop and deploy realistic attacks to test security defenses.
Develop and maintain security documentation, including policies, procedures, and guidelines.
Carry out controlled attacks to evade detection and simulate real-world attacks to exploit potential weaknesses.
Prepare and deliver technical reports to internal stakeholders.
Perform vulnerability assessments, triage, and provide prescriptive remediation for identified vulnerabilities.
Assist in incident response and forensic analysis when security incidents occur.
Collaborate with development teams to integrate security best practices into the software development lifecycle.
Stay current on exploitation and post-exploitation techniques and incorporate them into penetration testing.
Other duties as assigned
Qualifications
Bachelor’s or master’s degree in computer science, information security, or a related field.
4+ years of experience in information security with focus on application and cloud security
2+ years of hands-on experience in offensive security, including exploit development, vulnerability research, and penetration testing
Strong knowledge of penetration testing methodologies and tools (e.g., Metasploit, Burp Suite, Nmap, MITRE).
Proficient in performing adversary simulation attacks, with red team experience.
Proficient in Active Directory, OSINT, and networking technologies.
Proficiency in scripting and programming languages (e.g., Python, Java, C++).
Familiarity with cloud security (e.g., AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes).
Benefits
Medical and Dental coverage available for employees, dependents, domestic partners, and spouses
Paid Time Off – Flexible options plus 10 paid company holidays where available**
All full-time positions are hybrid, with many eligible to be completely remote
Fully Paid by Origami Risk – Vision insurance, Short & Long-Term Disability Insurance, and Basic Life Insurance
Generous family leave options—including adoption and foster care placements
Pre-Tax Savings Accounts – Flexible Spending Account, Health Savings Account, Commuter Benefits, Dependent Care Savings Account
Retirement Savings – 401(k) with company match up to 4%
Employee Assistance Program (EAP) – Confidential & Free support offered to colleagues facing personal or work-related complications
Education Assistance Program – to help colleagues pursue industry/role-specific certifications
Wellness Benefits – reimbursement program to invest in healthy habits as well as support better colleague productivity and stress management
Additional coverages available – Pet Insurance, Critical Illness Insurance, and Voluntary Life & AD&D coverage
**Flexible PTO not available in California or the UK
Who We Are
Origami Risk delivers single-platform SaaS solutions that help organizations best navigate the complexities of risk, insurance, compliance, and safety management.
Founded by industry veterans who recognized the need for risk management technology that was more configurable, intuitive, and scalable, Origami continues to add to its innovative product offerings for managing both insurable and uninsurable risk; facilitating compliance; improving safety; and helping insurers, MGAs, TPAs, and brokers provide enhanced services that drive results.
A singular focus on client success underlies Origami’s approach to developing, implementing, and supporting our award-winning software solutions.
Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.
Caution: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with origamirisk.com or talent.icims.com. And to confirm the legitimacy of any recruiting communication, feel free to email [email protected].